Microsoft Security Bulletin MS00-030 announces the availability of a patch that eliminates a vulnerability in Microsoft® Internet Information Server.
What´s the scope of the vulnerability?
This is a denial of service vulnerability. If a malicious user requested a file from a web server via an URL containing specially-malformed file extension data, the server could become unresponsive for some period of time.
There is no capability via this vulnerability to cause a server to fail, to cause any data to be lost, or to usurp administrative control of the machine. The vulnerability simply provides a way for a malicious attacker to consume most or all CPU availability. Given enough time, the server would resume normal operation on its own.
Read more
What´s the scope of the vulnerability?
This is a denial of service vulnerability. If a malicious user requested a file from a web server via an URL containing specially-malformed file extension data, the server could become unresponsive for some period of time.
There is no capability via this vulnerability to cause a server to fail, to cause any data to be lost, or to usurp administrative control of the machine. The vulnerability simply provides a way for a malicious attacker to consume most or all CPU availability. Given enough time, the server would resume normal operation on its own.
Read more
